ASA Grok Failure ASA-4-113019

pankaj · May 11, 2020, 10:05am

I am trying to parse and index the cisco asa logs for particular syslog messages . The grok debuger showing the code okay but I dont see the logs indexed in elasticsearch

Regards
Pankaj

pankaj · May 11, 2020, 10:12am

Here is my code .

=================code============================================================
#If CiscoTag is ASA-4-113019 -
if [type] == "cisco-fw" and [ciscotag] == "ASA-4-113019" {
grok {
match => ["cisco_message", "Group = %{GREEDYDATA:group}, Username =%{GREEDYDATA:user}, IP = %{IP:src_ip}, (?%{WORD} %{WORD}). Session Type: %{GREEDYDATA:type}, Duration: %{GREEDYDAT
A:duration}, Bytes xmt: %{GREEDYDATA:xmtbytes}, Bytes rcv: %{GREEDYDATA:rcvbytes}, Reason: %{GREEDYDATA:reason}"]
}
}

system · June 8, 2020, 10:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.